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Question: 1 


Which two considerations must a network engineer have when planning for voice over wireless 
roaming? (Choose two.) 


A. Roaming with only 802.1x authentication requires full reauthentication. 
B. Full reauthentication introduces gaps in a voice conversation. 

C. Roaming occurs when e phone has seen at least four APs. 

D. Roaming occurs when the phone has reached -80 dBs or below. 


Answer: A, B 


Question: 2 


Which two 802.11 methods can be configured to protect card holder data? (Choose two.) 


A. CCMP 
B. WEP 
C. SSL 
D. TKIP 
E. VPN 


Answer: CE 


Question: 3 


An engineer is changing the authentication method of a wireless network from EAP-FAST to EAP-TLS. 
Which two changes are necessary? (Choose two.) 


A. Cisco Secure ACS is required. 

B. A Cisco NAC server is required. 

C. All authentication clients require their own certificates. 
D. The authentication server now requires a certificate. 

E. The users require the Cisco AnyConnect client. 


Answer: CD 


Question: 4 


Which mobility mode must a Cisco 5508 wireless Controller be in to use the MA functionality on a 
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cisco catalyst 3850 series switch with a cisco 550 Wireless Controller as an MC? 


A. classic mobility 

B. new mobility 

C. converged access mobility 
D. auto-anchor mobility 


Answer: C 


Question: 5 


WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through 
an ACS server. For security reasons, the network engineer wants to ensure only PEAP authentication 
can be used. The engineer sent instructions to clients on how to configure their supplicants, but 
users are still in the ACS logs authentication using EAP-FAST. Which option describes the most 
efficient way the engineer can ensure these users cannot access the network unless the correct 
authentication mechanism is configured? 


A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS 
accounts until they make sure they correctly configured their devices. 

B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the 
list of MACs that have used EAP-FAST. 

C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only 
when the EAP authentication method is PEAP. 

D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that 
authenticated using EAP-FAST into a quarantine VLAN. 


Answer: D 


Question: 6 


An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which 
technology is required to accomplish this configuration? 


A. mobility service engine 
B. wireless control system 
C. identify service engine 
D. Prime Infrastructure 


Answer: C 


Question: 7 


When you configure BYOD access to the network, you face increased security risks and challenges. 
Which challenge is resolved by deploying digital client certificates? 
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A. managing the increase connected devices 

B. ensuring wireless LAN performance and reliability 
C. providing device choice and support 

D. enforcing company usage policies 


Answer: D 


Question: 8 


Scenario 


TOPOLOGY 
Topology 


Cinco 3560 Eant WLC 25044 


Console 


MONITOR 
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WLAMS 


CONTROLLER 
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WIRELESS 


SECURITY 


Which configuration changes need to be made to allow WPA2 + PSK to operate property on the East- 


WLC-2504A controller? (Choose four.) 


A. Disable Dynamic AP Management. 

B. Click on the Status Enabled radio button. 

C. Change the Layer 3 Security to Web Policy. 

D. Change the WPA + WPA2 Parameters to WPA2 Policy-AES. 

E. Change the PSK Format to HEX. 

F. Change the WLAN ID. 

G. Change the VLAN Identifier. 

H. Change the IP Address of the Virtual interface. 

|. Change the SSID name of the WLAN. 

J. Click on the PSK radio button and add the password in the text box. 


Answer: B, F, I, J 
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Question: 9 


Refer to the exhibit. 


Web Authentication 


Login Successful! 


You can now use all regular network services over the wireless network 


Please retain this small logout window in order to fogoff when done Note 
that you can always use the following URL to retrieve this page 
bitps7/1_1.1. logout nim) 


Logout | 


What is the 1.1.1.1 IP address? 


A. the wireless client IP address 

B. the RADIUS server IP address 

C. the controller management IP address 
D. the lightweight IP address 

E. the controller AP-manager IP address 

F. the controller virtual interface IP address 


Answer: F 


Question: 10 


A Customer is concerned about denial of service attacks that impair the stable operation of the 
corporate wireless network. The customer wants to purchase mobile devices that will operate on the 
corporate wireless network. Which IEEE standard should the mobile devices support to address the 
customer concerns? 


A. 802.11w 
B. 802.11k 
C. 802.11r 
D. 802.11h 


Answer: A 


Question: 11 


DRAG DROP 

A wireless engineer wants to schedule monthly security reports in Cisco Prime infrastructure. Drag 
and drop the report title from the left onto the expected results when the report is generated on the 
right. 
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Question: 12 


An engineer is configuring client MFP. What WLAN Layer 2 security must be selected to use client 
MFP? 


A. Static WEP 
B. CKIP 

C. WPA+WPA2 
D. 802 1x 
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Answer: C 


Question: 13 


Which two events are possible outcomes of a successful RF jamming attack? (Choose two.) 


A. unauthentication association 

B. deauthentication multicast 

C. deauthentication broadcast 

D. disruption of WLAN services 

E. physical damage to AP hardware 


Answer: DE 


Question: 14 


Which CLI command do you use on Cisco IOS XE Software to put the AP named Floor1_AP1 back in 
the default AP group? 


A. ap Floor1_AP1 ap-groupname default-group 
B. ap name Floor1_AP1 apgroup default-group 
C. ap name Floor1_AP1 ap-groupname default-group 
D. ap name Floor1_AP1 ap-groupname default 


Answer: C 


Question: 15 


An engineer is configuring a new mobility anchor for a WLAN on the CLI with the config wlan 
mobility anchor add 3 10.10.10.10 command, but the command is failing. Which two conditions must 
be met to be able to enter this command? (Choose two.) 


A. The anchor controller IP address must be within the management interface subnet. 
B. The anchor controller must be in the same mobility group. 

C. The WLAN must be enabled. 

D. The mobility group keepalive must be configured. 

E. The indicated WLAN ID must be present on the controller. 


Answer: AB 
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